Post-Cutover Instructions

Deferred procedures to execute after the pipeline is confirmed stable (Task 4.13 passes).

Stability Criteria

The pipeline is stable when Task 4.13 (stability verification) passes: a real PR merge to main triggers CI → workflow_run fires deploy.yaml → all 4 partitions deploy successfully with correct approval gates → sites verified.

1. Production Verification Procedure

After the first production deployment via the new pipeline, verify at live.app.arda.cards:

Sign in with production credentials
Navigate to Items — page loads, data visible
Navigate to Order Queue — page loads, data visible
Navigate to Receiving — page loads
Check browser console for errors — none expected
Coordinate with business stakeholders to confirm production is operational

2. `validate-pr-source.yml` Relaxation

The current workflow enforces dev → stage → main PR source validation. With the new pipeline, all PRs go directly to main. Options:

(a) Remove the workflow entirely — simplest. PRs from any branch to main are allowed.

(b) Two-step: First update to allow PRs from any branch to main, then remove after confirming no one relies on the old model.

(c) Invert: Block PRs from dev/stage to main to prevent accidental use of the old promotion model. This is the safest transition.

Recommendation: (c) — invert the check for a transition period, then remove entirely.

3. Branch Deletion

Delete the legacy promotion branches from arda-frontend-app. Only after confirming the new pipeline is stable and no active work targets these branches.

git push origin --delete dev
git push origin --delete stage
git push origin --delete demo

Note: The demo branch was created for this project and is no longer needed on the remote. The demo Amplify app is connected to it but has auto-build disabled — deleting the remote branch has no effect on the deployed app (deployments use StartJob which builds from git, and the branch still exists locally in Amplify’s git connection).

4. Demo Amplify Cleanup (Optional)

If the demo environment is not intended to be permanent:

# Delete branch stack first (depends on app stack exports)
aws cloudformation delete-stack --stack-name "Alpha001-demo-AmplifyBranch" --region us-east-1 --profile Admin-Alpha1
aws cloudformation wait stack-delete-complete --stack-name "Alpha001-demo-AmplifyBranch" --region us-east-1 --profile Admin-Alpha1

# Then delete app stack
aws cloudformation delete-stack --stack-name "Alpha001-demo-Amplify" --region us-east-1 --profile Admin-Alpha1

Also remove demo from the deploy.yaml job chain and the AMPLIFY_DEPLOY_TARGETS in amm.sh.

If demo becomes permanent, no cleanup needed — it continues to be deployed as part of the pipeline.

5. IAM Role OIDC Scope Cleanup (PR4)

Remove refs/heads/demo from the frontend IAM role’s OIDC trust conditions (no longer needed after branch deletion).

Create branch jmpicnic/frontend-pipeline/oidc-cleanup in infrastructure
Edit src/main/cdk/constructs/oam/gh-oidc-provider.ts:
- Remove repo:Arda-cards/arda-frontend-app:ref:refs/heads/demo from the sub conditions
- Remove refs/heads/demo from the ref conditions
- Remove repo:Arda-cards/arda-frontend-app:environment:demo from the sub conditions (if demo is being decommissioned)
Update CHANGELOG.md
Create PR4, merge, deploy via amm.sh to both Alpha001 and Alpha002

6. Reconcile CDK State

The IAM trust policies on both accounts were modified directly via AWS CLI during this project (drift items 3 and 5 in drift-warnings.md). Run amm.sh for both accounts to reconcile the CDK-managed state with the live state:

# Alpha001 (via GH Actions or locally)
./amm.sh --profile Admin-Alpha1 --region us-east-1 Alpha001 demo

# Alpha002 (via GH Actions or locally)
./amm.sh --profile Alpha002-Admin --region us-east-1 Alpha002 dev

Prerequisite: PR #428 (OIDC environment subjects) is already merged. Verify infrastructure repo is on a commit that includes the environment: subjects in gh-oidc-provider.ts before running.